I am using the MessageLoggingPolicy to send logs to Loggly, however, the syslog “header” section does not appear to be correctly formatted.
(The “structured data” and “message” portions, which I have configured in the policy’s element are correctly sent verbatim.)
This is the header portion which is appearing on the syslog messages:
<14>Fri Sep 26 01:32:23 UTC 2014Info:
This is followed by the string configured in my policy’s element.
Is there any way to change this behaviour? For instance, to set the time format as yyyy-MM-dd’T’hh:mm:ss, set the application name or message ID (per RFC 5424)?
Apologies for replying to an old thread, but was wondering if anything has changed? I’m logging to a syslog server set up in AWS and am only interested in the log message.
I do not want the header at all and was curious to know if there’s a way to modify it or simply remove this portion:
I know this thread is over 3 years old, but I can’t seem to find a more definitive answer either. We’re having issues with the timezone offset formatting which by the IEFT syslog format (RFC 5424) spec requires a “:” between hours and minutes.
I see there “may” be options to control the timezone settings for a private cloud installation, but nothing for public cloud instances.
There has to be people who are using Splunk, so my question is “How do you get around this issue?” Are you writing custom parsers in Splunk to deal with it?